Vulnerabilidades en Revive
34 resultadosCVE-2026-44958MEDIUMAn access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when EPSS 0.3%CVE-2025-52669MEDIUMInsecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to havEPSS 0.3%CVE-2026-21641HIGHHackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of ReEPSS 0.2%CVE-2026-44957MEDIUMA missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowedEPSS 0.2%CVE-2026-34913MEDIUMA missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlEPSS 0.2%CVE-2026-34912MEDIUMA missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and EPSS 0.2%CVE-2025-55127MEDIUMHackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new uEPSS 0.2%CVE-2025-55129MEDIUMHackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonatioEPSS 0.2%CVE-2026-21640LOWHackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific cEPSS 0.2%CVE-2026-34915MEDIUMA missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user tEPSS 0.2%CVE-2025-55126MEDIUMHackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertEPSS 0.2%CVE-2026-21664MEDIUMHackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of RevEPSS 0.2%CVE-2026-21642MEDIUMHackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripEPSS 0.2%CVE-2026-21663MEDIUMHackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. AnEPSS 0.2%